Hi emacs/tramp developers! Thank you for your efforts on tramp!
Today I updated emacs to 29.2 and I noticed something strange when I tried to use tramp to access files through the sudo method. This might turn out to be user error but I investigated it a little bit and I wanted to report what I found.
I'm running NixOS and recently upgraded from 23.11 to 24.05. I am using GNOME and I have `auth-sources` to `("secrets:Login" "~/.authinfo" "~/.authinfo.gpg" "~/.netrc")` (although to be honest I only ever use `secrets:Login` these days). My computer's name is black-diamond. My login keyring appears to have two secrets for the account `root@black-diamond` with port `sudo` -- both of these appear to be my normal user password.
I'm used to jumping to a file /etc/nixos/configuration.nix to change my system configuration, and I usually edit it with tramp/sudo by doing counsel-find-file, then typing //sudo: then hitting RET, then letting emacs connect and finally jumping around the filesystem from there. However, after the upgrade, it doesn't seem to work any more. Instead it asks me for a "label", whatever that means, and suggests `ethan@black-diamond`. I can press RET to dismiss it, but instead of the minibuffer showing me the files in the filesystem, it just shows an inert prompt and doesn't tab complete. Doing C-x C-f again and typing /sudo: shows two completions available (root@black-diamond and ethan@black-diamond) where previously there had only been one (root@black-diamond).
Investigating at first was challenging. I saw some lines in *Messages* saying "Tramp: ‘getconf PATH’ not successful, using default value "/bin:/usr/bin"." I thought this might be related because NixOS has a weird path structure. There was also "Tramp: Opening connection nil for root@black-diamond using sudo...failed", and that `nil` seemed suspicious but also normal.
I also tried turning on tramp-verbose to 10, which made emacs loop. (I think global-flycheck-mode was running on the tramp debug buffers and bringing emacs to its knees somehow.) However, it also produced a bunch of backtraces including an error like "Wrong type argument: stringp, #[0 "\300\207" ["..."]", where what was inside the ... was my actual user account password. This was kind of alarming, both because of the obscurity of the error and because I didn't expect the program to have access to my login password.
By strewing debug logs throughout tramp-read-passwd it looks like:
- When trying to connect to /sudo:root@black-diamond, it gets a username of ethan from the "password-vector" connection-property.
- So the auth-source-search query looks like :max 1 :user "ethan" :host "black-diamond" :port "sudo" :require '(:secret :user) :create t.
- The returned value for this search has a :secret value, even though it is being created. (Issuing the same query without :create t returns nil.)
- This :secret value is a byte-compiled function, but the byte-compiled function does not return a string when called -- instead, it returns a second byte-compiled function (which, when called, would return a string).
- Somehow the string returned by the second byte-compiled function is my password.
I have also discovered that trying to go through /sudo:ethan@black-diamond works fine, which is what makes me think this might be user error. I don't know much about the password-vector property -- I'm guessing it supports chaining logins. When there is an account name after the sudo: connection method, is it interpreted as an account to log into using e.g. ssh before doing sudo? From the manual, it seems like `/sudo::` should work OK and is understood to use the username `root`. Should I be using `ethan@black-diamond` as the path for doing this kind of thing using sudo? Should I be changing the usernames for my passwords in Seahorse?
```
(load-library "tramp")
(setq tramp-cache-read-persistent-data t)
(setq auth-source-save-behavior nil)
(setq auth-sources
'(default
"secrets:session"
"secrets:Login"
"~/.authinfo.gpg"))
(setq tramp-verbose 10)
```
(pressing C-x C-e after each sexp) then C-x C-f //sudo:: RET.
tramp-bug gathered a lot of information, which I'm attaching to this message.
I'm attaching the contents of the *debug tramp/sudo root@black-diamond* buffer, with my password hopefully sanitized. There is also a *debug tramp/sudo ethan@black-diamond* buffer which contains only:
```
;; Emacs: 29.2 Tramp: 2.6.2.29.2 -*- mode: outline; coding: utf-8; -*-
;; Location: /nix/store/7941hdbv2gqjjc91mbkyj8dhzm202qid-emacs-gtk3-29.2/share/emacs/29.2/lisp/net/tramp.elc Git: /
23:10:14.915077 tramp-set-connection-property (7) # first-password-request t
23:10:14.929651 tramp-get-connection-property (7) # first-password-request t; cache used: t
```
Please leave me CC'd, as I am not subscribed to the list.
Thanks!
Ethan
tramp-bug.txt